Connecting to MySQL databases in a secure environment

The security level configured for a site defines the access and operational limits for applications and files hosted on the site. When you want to connect to the MySQL databases of your site, ensure that the security settings of the site do not conflict with the MySQL connection settings, otherwise you will be unable to connect to the databases.

The following sections discuss the MySQL connection settings you need to configure (if you are using the command line) for different security levels.

Connecting to a MySQL database on a high security site

On a high-security site, the CGI scripts, remote login services (telnet, SSH), mod_perl, and mod_php services are locked into the site's file system. The Site Administrator and users of the site are logged into the home directory of the site and therefore cannot access system-wide files.

When you attempt to connect to a MySQL database using the command line or in your Web scripts, the high security settings cause the connection to fail with an error. This is because the MySQL socket file, mysql.sock, required for connecting to the MySQL server, resides at the system level (/var/lib/mysql/mysql.sock) and is unavailable in the site's file system.

To connect to the MySQL database, you need to specify the IP address of the host on which the MySQL server is located and the port number.

You need to use the following command to connect to the databases.

mysql -h 127.0.0.1 -P 3306 -u <username> -p<password>

Where:
-h 127.0.0.1  
 is the IP address of the local host
-P 3306       
 is the port number
-u <username>
 is the user name of the Site Administrator account
-p<password>
   is the password of the Site Administrator account

Connecting to a MySQL database on a 3.1 compatibility site

On a 3.1 compatibility site, the remote login services (telnet, SSH) are locked into the site's file system. The Site Administrator and users of the site are logged into the home directory of the site and therefore cannot access system-wide files.

When you attempt to connect to a MySQL database using the command line or in your Web scripts, the 3.1 compatibility settings cause the connection to fail with an error. This is because you are not authorized to access the MySQL socket file, mysql.sock (required for connecting to the MySQL server) that resides at the system level (/var/lib/mysql/mysql.sock).

To connect to the MySQL database, you need to specify the IP address of the host on which your MySQL server is located and the port number.

You need to use the following command to connect to the databases.

mysql -h 127.0.0.1 -P 3306 -u <username> -p<password>

Where:
-h 127.0.0.1  
 is the IP address of the local host
-P 3306
           is the port number
-u <username>
 is the user name of the Site Administrator account
-p<password>
   is the password of the Site Administrator account

Connecting to a MySQL database on a low security site

A low security site provides unrestricted access (except for access restricted by file or directory permissions) to files on the control panel server. Since the security settings do not impose access or operational limits, you can connect to the MySQL databases using the MySQL socket file, /var/lib/mysql/mysql.sock. Since this is the default mode of connection, you do not have to set the port number and the IP address of the host name on which the databases are located.

You need to use the following command to connect to the databases.

mysql -u <username> -p<password>

Where:
-u <username>
 is the user name of the Site Administrator account
-p<password>  
is the password of the Site Administrator account

 

Related Topics